Status of the ransomware attack. The good, the bad and the ugly …
In some ways, the devastating ransomware attacks of the past two years have enabled security officers to get the budgets they need to improve their organization’s cybersecurity readiness and put in place more robust security programs that cover people, technology, and practices. The brazen, nation-state-backed attacks on large corporations and critical infrastructure brought cybersecurity issues to the prime-time news and increased awareness and the desire to act among corporate boards, CEOs, and key government agencies.
At the same time, the past year and a half has made things more difficult for cybersecurity officers and easier and more productive for cyber criminals. The workplace has changed due to COVID-19. Since February 2020, many companies around the world have changed the way they work and encouraged their employees to work from home on a part-time or full-time basis, expanding the cyber attack surface exponentially and adding numerous cybersecurity flaws.
Ransomware is about gaining access to corporate systems, encrypting or stealing data, and often threatening to sell it if a ransom is not paid. The problem is that even if the ransom is paid, cyber criminals may or may not provide the key to unlock the files. Perhaps that is why around 80% of victims ultimately choose not to pay the ransom. Additionally, 80% of businesses that choose to pay will experience a subsequent ransomware attack, and 46% believe it was caused by the same attackers.
In addition, attackers access company networks and remain undetected there for months. Often, these attacks are carried out not just by encrypting files, but by threatening a company’s reputation by telling everyone that the attackers are in full control of its systems.
Given that none of us can really “trust” cybercriminals to return our files once we’ve paid the ransom, the question arises: should we pay the ransom or not? And if not, what more can we do? Our answer is NEITHER. We’ll come back to that in a moment.
The rise of the ransomware specialist
There is tremendous collaboration among cyber criminals today to make ransomware succeed, and it is not necessary to be an expert at every level of the cyber kill chain. Attackers have specialties, and some sell their sophisticated tools in shopping carts on the darknet. Ransomware-as-a-Service, if you will. This service is then bought by someone who is good at gaining access to organizations and preparing the encryption tool. In turn, they can share this information with a monetization professional to maximize profits. Perhaps a group of hackers will form soon. And so the level of specialization and sophistication of the attacks has increased. Attackers work together; they know what to look for, how to find it, and how to move laterally within the company. Many attacks in recent years are believed to have been carried out by groups operating from nation-states that are aware of the activities, do nothing to stop them, and effectively provide support.
In the past few months we have seen some kind of awakening in both the US private and public sectors. President Biden signed an executive order requiring federal institutions to update their cybersecurity programs and strongly encouraging companies to take the necessary steps to protect their assets.
Then the US Department of Justice announced that it would give ransomware attacks the same priority as terrorism cases.
Congress is working on the need for critical service companies to have cybersecurity protections in place, along with other cybersecurity-related initiatives, to improve the security postures of governments, critical infrastructures, and private sector organizations.
Efforts have also been made to break ransom payloads. In April of this year, the Institute for Security + Technology (IST) published a report by its Ransomware Task Force, which encourages the voluntary exchange of information about ransomware attacks, public awareness campaigns about ransomware threats, pressure on countries that are considered safe havens for ransomware operators (such as Russia, China, etc.), and incentives for the introduction of security best practices through tax breaks.
However, these initiatives will take time. And right now everyone is vulnerable to a national cyber attack. None of us can afford to be complacent.
Let’s get back to the issue of ransom payment. Or not.
Let’s call this animal by name. If your systems have been hacked, the question is no longer relevant, because whatever you do at that point is damage control. Our recommendation to all businesses is to start acting immediately as if you have already been attacked or soon will be, as there is a good chance that you will.
In our next blog post, we’ll share our recommendations on what to do now to build a ransomware resilience strategy. If you follow them, you will see that when you take the right proactive action now, even if you are attacked, the results don’t have to be catastrophic for the business, and it’s often possible to dramatically mitigate the effects of ransomware regardless of ransom demands.
Mitigating the results of a ransomware attack does not mean that a company will not be hacked. It means less downtime, more productivity, and a choice in how attacks are handled, so the business can recover and even thrive regardless of whether it pays the ransom.